Lucene search

Redhat.comRH:CVE-2022-23551

HistoryDec 22, 2022 - 8:36 p.m.

CVE-2022-23551

2022-12-2220:36:01

redhat.com

access.redhat.com

flaw

aad-pod-identity

token bypass

backslash

proper validation

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L

EPSS

0.001

Percentile

40.1%

JSON

A flaw was found in aad-pod-identity. This issue could allow an attacker to obtain a token when a request is made that includes a backslash, bypassing proper validation and completing the request.

References

bugzilla.redhat.com/show_bug.cgi?id=2155904

github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d

github.com/Azure/aad-pod-identity/releases/tag/v1.8.13

github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc

nvd.nist.gov/vuln/detail/CVE-2022-23551

www.cve.org/CVERecord?id=CVE-2022-23551

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L

EPSS

0.001

Percentile

40.1%

JSON

Related for RH:CVE-2022-23551